摘要
提出一种用于电力信息系统安全设计的建模语言和定量化评估方法。设计了安全体系设计迹语言,统一描述系统结构、系统业务、安全策略、攻击行为和安全措施等;构造了风险自动分析算法,以获得电力信息系统的攻击迹;基于攻击迹提出相对安全度概念,用于定量评估安全体系的安全性;通过实例验证了所述方法的有效性。该方法可用于定量评估各类安全措施的控制效果,如增加新的安全功能、调整系统自身结构和用户业务需求等,减少了选择安全措施的主观性。
A modeling language and a quantitative evaluation approach to the security of power information systems are presented. A security architecture design trace language is first worked out to uniformly describe the system structures, services, security policies, attack behaviors and countermeasures. Then an automated risk analyzing algorithm is proposed to obtain the attack traces of the power information system. And based on the concept of the relative security degree, the security architecture can be quantitatively evaluated. Finally, with a case study in an actual power information system, the effectiveness of the approach proposed is demonstrated. In practice, the approach can be employed for assessing various kinds of countermeasures, such as increasing a new security function, adjusting system self-structure, and changing customer operation requirements. And it can greatly reduce the subjectivity of countermeasure selection.
出处
《电力系统自动化》
EI
CSCD
北大核心
2005年第10期30-35,共6页
Automation of Electric Power Systems
